Airtel mobile app had a critical security flaw that could have put over 325 million customers at risk by exposing their personal data.
The security flaw has created confusion in the minds of people despite the hike in mobile tariffs by telecom operators.
The flaw was found on the Application Program Interface (API) of Airtel’s mobile app by independent security researcher Ehraz Ahmed, who claims to have found it in 15 minutes.
Bharti Airtel Limited, also known as Airtel, is an Indian global telecommunications services company based in Delhi. It is the third-largest mobile network operator in India with over 325.5 million subscribers.
The flaw would have exposed the data of nearly 325 million customers.
According to the case study published by Ehraz Ahmed, personal information such as first and last name, date of birth, email, gender, addresses, subscription details, device compatibility for 4G, 3G and GPRS, network information, activation date, user type (prepaid/postpaid) and even IMEI numbers of their mobile devices we’re exposed. The hackers could have gained access to mobile phones of users with all this information.
Airtel has now claimed to have fixed the issue after it was notified. The vulnerability did not impact users via Airtel’s website. However, the security flaw has not risked the financial details of the Airtel subscribers.
“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms,” an Airtel spokesperson said.
Even though Airtel has fixed the issue the question still remains if there was a data breach.
You may be interested in reading: ASP.NET Hit by Ransomware